
browser redirects, pop-ups, & other odd behavior



Hello,

I have been struggling with this problem for some time now, but none of the anti-malware programs I try can seem to get rid of this problem. Google search results get redirected, I get occasional pop-ups and something new just started earlier this week; I get a system shutdown notice because the DCOM service terminated unexpectedly. I figure it is time to take care of the problem now before it gets worse. Here are fresh HijackThis and MBAM logs.

HJT:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:34:01 PM, on 12/27/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Galleon\bin\Wrapper.exe

C:\WINDOWS\system32\java.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Photodex\ProShow\ScsiAccess.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\hphmon04.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\WINDOWS\system32\HPHipm11.exe

C:\Program Files\iPod\bin\iPodService.exe

E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-18\..\Run: [startUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [startUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab

O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...w.viewpoint.com

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://msn.worldwinner.com/games/v47/share...GamesLoader.cab

O16 - DPF: {26AFD6EF-C017-4063-B2B1-E515DE98A1B7} - http://download.kodak.com/digital/software...2_1/install.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620...meInstaller.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121528966730

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124135944485

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinner.com/games/v51/bejew...eweledtwist.cab

O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab

O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://ak.g.gametap.com/static/cab_headles...pWebUpdater.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/user/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v10.cab

O16 - DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95} (Easy Photo Uploader) - http://preview.ksweitzer.photosite.com/~si...oadBox_live.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: tiromafek - {b950c87c-80b2-4140-bda5-25c7397d91e5} - c:\windows\system32\kokihove.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {b950c87c-80b2-4140-bda5-25c7397d91e5} - c:\windows\system32\kokihove.dll (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Galleon - Unknown owner - C:\Program Files\Galleon\bin\Wrapper.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 13710 bytes

And MBAM log:

Malwarebytes' Anti-Malware 1.42

Database version: 3442

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/27/2009 6:45:36 PM

mbam-log-2009-12-27 (18-45-36).txt

Scan type: Quick Scan

Objects scanned: 134494

Time elapsed: 9 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Any help that can be provided would be greatly appreciated. Thank you!

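Triage of the HijackThis log in the post above, as an added example that is not part of the original thread: it parses the log's `code - detail` lines, lists the entries HijackThis itself marked `(no file)` or `(file missing)`, and reports any CLSID registered under more than one section. The function names are made up for this example, and the sample lines are a subset copied from the log above.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: tiromafek - {b950c87c-80b2-4140-bda5-25c7397d91e5} - c:\windows\system32\kokihove.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {b950c87c-80b2-4140-bda5-25c7397d91e5} - c:\windows\system32\kokihove.dll (file missing)
O23 - Service: Galleon - Unknown owner - C:\Program Files\Galleon\bin\Wrapper.exe
"""

# "R0 - ...", "O4 - ...", "O23 - ...": section code, then the entry detail.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the registered file is not on disk.
MISSING_RE = re.compile(r"\s*\((?P<why>no file|file missing)\)\s*$")


def parse_hjt(text):
    """Return one dict per HijackThis entry line; header, process-list
    and blank lines do not match ENTRY_RE and are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        gone = MISSING_RE.search(rest)
        body = rest[:gone.start()] if gone else rest
        clsid = CLSID_RE.search(body)
        # The target is only extracted for CLSID-bearing entries, where it
        # is whatever follows the CLSID (empty for "(no file)").
        target = None
        if clsid:
            target = body[clsid.end():].strip(" -") or None
        entries.append({
            "code": m.group("code"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "target": target,
            "missing": gone.group("why") if gone else None,
            "raw": line,
        })
    return entries


def orphaned(entries):
    """Entries whose registered file HijackThis could not find."""
    return [e for e in entries if e["missing"]]


def shared_clsids(entries):
    """CLSIDs that appear under more than one section code."""
    seen = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].add(e["code"])
    return {c: sorted(codes) for c, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("Entries with no file on disk:")
    for e in orphaned(parsed):
        print(f"  {e['code']:<4} {e['clsid']} -> {e['target']} ({e['missing']})")
    print("CLSIDs registered in more than one section:")
    for clsid, codes in shared_clsids(parsed).items():
        print(f"  {clsid}: {', '.join(codes)}")
```

A flagged entry shows only that a registry value outlived its file; whether it is left over from removed malware or from an uninstalled program is for the analyst to decide.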

Hi sparky741, welcome to Malwarebytes ;)

Please don't bump your topic. Doing so makes it appear that you are getting help, and we pass it up thinking you have a reply already. ;)

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


OTL logfile created on: 12/30/2009 2:16:17 AM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\user\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 90.71 Gb Free Space | 60.86% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 149.01 Gb Total Space | 79.02 Gb Free Space | 53.03% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-BE0BB1E6F7

Current User Name: user

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/30 02:14:42 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

PRC - [2009/12/18 07:21:34 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

PRC - [2009/11/09 11:40:20 | 00,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

PRC - [2009/11/09 11:40:10 | 00,273,664 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009/10/11 04:17:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe

PRC - [2009/09/27 11:11:15 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe

PRC - [2009/09/06 12:38:06 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/02/19 08:34:32 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe

PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2008/11/10 21:33:20 | 00,204,800 | ---- | M] () -- C:\Program Files\Galleon\bin\Wrapper.exe

PRC - [2008/08/22 13:19:14 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe

PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/03/23 23:14:14 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShow\scsiaccess.exe

PRC - [2007/12/20 21:57:26 | 00,512,000 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

PRC - [2006/11/14 04:21:28 | 16,270,848 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe

PRC - [2006/01/06 14:07:25 | 00,348,160 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon04.exe

PRC - [2006/01/06 13:07:28 | 00,077,824 | ---- | M] (HP) -- C:\WINDOWS\system32\hphipm11.exe

PRC - [2005/03/09 19:50:18 | 00,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe

PRC - [2004/10/08 07:01:47 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe

PRC - [2003/03/23 10:30:36 | 00,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2002/11/22 10:49:24 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZTSB07.EXE

========== Modules (SafeList) ==========

MOD - [2009/12/30 02:14:42 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)

SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)

SRV - [2009/11/09 11:40:20 | 00,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)

SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/09/27 11:11:15 | 01,028,432 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/09/06 12:38:06 | 00,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009/07/08 19:22:22 | 00,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)

SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009/02/19 08:34:32 | 00,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2008/11/10 21:33:20 | 00,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Galleon\bin\Wrapper.exe -- (Galleon)

SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2008/08/22 13:19:14 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)

SRV - [2008/04/07 08:17:30 | 00,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008/03/23 23:14:14 | 00,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShow\scsiaccess.exe -- (ScsiAccess)

SRV - [2007/12/20 21:57:26 | 00,512,000 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/01/06 13:07:28 | 00,077,824 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)

SRV - [2005/04/05 10:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2005/03/09 19:50:18 | 00,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)

SRV - [2004/11/22 16:04:14 | 01,273,856 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost)

SRV - [2004/11/02 15:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SYMWSC.EXE -- (SymWSC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.75

FF - prefs.js..network.proxy.http: "adsubtract"

FF - prefs.js..network.proxy.http_port: 4444

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/20 23:16:10 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/20 23:16:10 | 00,000,000 | ---D | M]

[2009/11/10 00:15:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2009/08/08 20:29:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2009/12/29 18:41:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\2kcybcpx.default\extensions

[2009/12/12 17:33:20 | 00,000,000 | ---D | M] (Vista-aero) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\2kcybcpx.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}

[2009/12/29 09:39:56 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (36 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe ()

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZTSB07.EXE (HP)

O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe (Motorola)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe (America Online, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab (SupportSoft Script Runner Class)

O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab (ScrabbleCubes Control)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MTSInstall...w.viewpoint.com (MetaStreamCtl Class)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://msn.worldwinner.com/games/v47/share...GamesLoader.cab (FunGamesLoader Object)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {26AFD6EF-C017-4063-B2B1-E515DE98A1B7} http://download.kodak.com/digital/software...2_1/install.cab (Reg Error: Key error.)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab (WebGameLoader Class)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a224.g.akamai.net/7/224/52/20010620...meInstaller.exe (Reg Error: Key error.)

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab (McUpdatePortalFactory Class)

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab (Bejeweled Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1121528966730 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1124135944485 (MUWebControl Class)

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/luxr/default/mjolauncher.cab (MJLauncherCtrl Class)

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejew...eweledtwist.cab (BejeweledTwist Control)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...B?37879.8565625 (Reg Error: Key error.)

O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.brightstreet.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)

O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinner.com/games/v49/luxor/luxor.cab (WwLuxor Control)

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (DwnldGroupMgr Class)

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ak.g.gametap.com/static/cab_headles...pWebUpdater.cab (GameTap Web Updater)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} http://windowsupdate.microsoft.com/R836/V3...en/actsetup.cab (Reg Error: Key error.)

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab (Oberon Flash Game Host)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/bingame/feed/default/SproutLauncher.cab (SproutLauncherCtrl Class)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} file:///C:/Documents%20and%20Settings/user/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v10.cab (PopCapLoader Object)

O16 - DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95} http://preview.ksweitzer.photosite.com/~si...oadBox_live.cab (Easy Photo Uploader)

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab? (Photo Upload Plugin Class)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.75.198 68.87.64.150

O18 - Protocol\Handler\junomsg {C4D10830-379D-11d4-9B2D-00C04F1579A5} - C:\Program Files\Juno\bin\jmsgpph.dll (Juno Online Services, Inc.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O21 - SSODL: tiromafek - {b950c87c-80b2-4140-bda5-25c7397d91e5} - C:\WINDOWS\System32\kokihove.dll File not found

O22 - SharedTaskScheduler: {b950c87c-80b2-4140-bda5-25c7397d91e5} - gahurihor - C:\WINDOWS\System32\kokihove.dll File not found

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/03/20 19:24:18 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2002/03/12 21:12:20 | 00,000,194 | ---- | M] () - C:\AUTOEXEC.BIT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/03/20 11:13:00 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (71498148777820160)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/30 02:14:41 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2009/12/29 00:53:57 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent

[2009/12/28 19:46:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Windows Search

[2009/12/28 18:50:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2009/12/27 18:19:57 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009/12/25 03:19:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Tracing

[2009/12/25 03:16:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework

[2009/12/25 03:14:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2009/12/25 03:14:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

[2009/12/25 03:14:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2009/12/25 03:10:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2009/12/20 23:17:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/12/20 23:15:24 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2009/12/02 18:03:08 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2009/11/17 17:39:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/11/17 17:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2009/07/30 23:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2008/10/28 22:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2008/10/08 21:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\TiVo Desktop

[2008/03/29 09:37:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2008/03/29 09:37:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2008/03/29 09:37:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Laplink

[2004/11/24 13:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

[2004/04/16 16:43:48 | 00,021,866 | ---- | C] (In-System Design, Inc.) -- C:\Program Files\Common Files\TPPUPD2K.DLL

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/30 02:14:42 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2009/12/30 01:50:01 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Login.job

[2009/12/30 01:50:01 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job

[2009/12/29 22:12:35 | 00,000,562 | ---- | M] () -- C:\HPFR5550.XML

[2009/12/29 22:00:50 | 00,025,313 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF

[2009/12/29 09:12:37 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2009/12/29 09:09:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/12/29 09:09:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/12/29 00:54:02 | 06,815,744 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT

[2009/12/29 00:54:02 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini

[2009/12/27 18:43:23 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/27 12:46:28 | 00,098,937 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Aspen_VoiceMail_5-18-09.wav

[2009/12/27 12:11:04 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/12/26 09:59:27 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/12/25 03:21:44 | 00,761,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/12/25 03:17:43 | 00,191,624 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/12/25 03:15:44 | 00,000,896 | ---- | M] () -- C:\Documents and Settings\user\My Documents\My Sharing Folders.lnk

[2009/12/22 01:12:29 | 02,119,392 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db

[2009/12/21 20:31:31 | 00,000,028 | ---- | M] () -- C:\WINDOWS\POPCINFO.DAT

[2009/12/20 23:07:21 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2009/12/20 10:35:21 | 00,013,312 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Krissy.doc

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2029/12/15 11:41:12 | 00,249,888 | RH-- | C] () -- C:\CLASSES.1ST

[2009/12/29 17:50:44 | 00,000,268 | ---- | C] () -- C:\WINDOWS\tasks\HP Usg Daily.job

[2009/12/27 12:46:28 | 00,098,937 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Aspen_VoiceMail_5-18-09.wav

[2009/12/26 10:01:24 | 00,000,268 | ---- | C] () -- C:\WINDOWS\tasks\HP Usg Login.job

[2009/12/25 03:15:44 | 00,000,896 | ---- | C] () -- C:\Documents and Settings\user\My Documents\My Sharing Folders.lnk

[2009/11/28 12:36:32 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009/11/28 11:31:52 | 00,004,050 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2009/10/10 08:46:51 | 00,019,066 | ---- | C] () -- C:\Documents and Settings\user\Application Data\anicotajep.dll

[2009/10/10 08:46:51 | 00,017,836 | ---- | C] () -- C:\Program Files\Common Files\uceveqo.vbs

[2009/10/10 08:46:51 | 00,017,327 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\gyso.exe

[2009/10/10 08:46:51 | 00,014,159 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\usurec.dl

[2009/10/10 08:46:51 | 00,012,788 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\usewahug.pif

[2009/10/10 08:46:51 | 00,012,356 | ---- | C] () -- C:\Program Files\Common Files\axewaqur.dat

[2009/10/10 08:46:51 | 00,011,386 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\xuxixy.lib

[2009/10/10 08:46:51 | 00,010,966 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lydav.exe

[2009/10/10 08:46:51 | 00,010,910 | ---- | C] () -- C:\Documents and Settings\user\Application Data\qewapidy.inf

[2009/10/10 08:39:38 | 00,000,014 | ---- | C] () -- C:\Documents and Settings\user\Application Data\iniasd.txt

[2009/09/22 21:13:29 | 00,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys

[2009/09/05 23:11:21 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2009/09/05 23:11:21 | 00,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2009/09/05 23:11:19 | 00,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2009/09/05 23:11:19 | 00,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2009/09/05 23:10:14 | 00,013,174 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/05/07 22:32:43 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\user\Application Data\$_hpcst$.hpc

[2009/05/07 22:24:28 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll

[2009/05/07 22:24:28 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys

[2008/09/04 21:51:09 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008/09/04 21:51:09 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/07/20 23:07:57 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/07/12 12:04:39 | 00,000,173 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini

[2008/05/12 12:24:40 | 00,016,384 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/03/26 22:42:44 | 00,040,913 | ---- | C] () -- C:\Documents and Settings\user\Application Data\FASTWiz.log

[2008/03/26 22:07:45 | 00,000,081 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\FASTWiz.log

[2008/03/20 19:48:46 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

[2008/03/20 19:30:33 | 00,000,907 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini

[2008/03/20 19:30:33 | 00,000,263 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini

[2008/03/20 19:29:56 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008/03/20 19:29:47 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2007/10/25 16:26:10 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/09/05 21:34:55 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini

[2007/04/22 19:15:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007/04/22 19:01:47 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2006/06/04 16:31:22 | 00,001,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/04/24 19:52:28 | 00,100,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvata.sys

[2006/01/30 23:16:47 | 00,000,339 | ---- | C] () -- C:\WINDOWS\Proxyrama.INI

[2006/01/29 00:49:28 | 00,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI

[2006/01/27 22:48:26 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll

[2006/01/27 22:47:59 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll

[2006/01/27 22:47:59 | 00,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll

[2005/12/27 18:34:43 | 00,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2005/08/31 10:43:32 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll

[2005/02/06 23:31:55 | 00,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll

[2005/02/06 23:31:15 | 00,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll

[2004/11/23 22:17:56 | 00,000,115 | ---- | C] () -- C:\Documents and Settings\user\Application Data\fusioncache.dat

[2004/10/12 00:40:58 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2004/10/12 00:39:48 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2004/10/12 00:39:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

[2004/10/09 00:40:16 | 00,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2004/10/05 02:16:08 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2004/10/03 11:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[2004/09/01 10:49:17 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\QT-MT331.DLL

[2004/05/07 22:22:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhotoSuite.INI

[2004/01/18 17:08:52 | 00,001,017 | ---- | C] () -- C:\WINDOWS\PSMPLAY.INI

[2004/01/18 17:03:11 | 00,000,070 | ---- | C] () -- C:\WINDOWS\MMPOLY.INI

[2004/01/18 17:02:02 | 00,511,488 | ---- | C] () -- C:\WINDOWS\System32\PWMDTOOL.DLL

[2004/01/18 17:02:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\CWPWMD10.DLL

[2004/01/18 17:01:34 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv5787p7now.sys

[2003/04/11 18:07:21 | 00,000,052 | ---- | C] () -- C:\WINDOWS\HPQWRAP.INI

[2003/04/11 17:56:51 | 00,000,034 | ---- | C] () -- C:\WINDOWS\HPFSCHED.INI

[2003/04/08 18:53:49 | 00,001,431 | ---- | C] () -- C:\WINDOWS\Perwty02.ini

[2003/03/12 17:19:51 | 00,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL

[2002/11/22 10:50:06 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll

[2002/09/03 21:12:11 | 00,001,323 | ---- | C] () -- C:\WINDOWS\INTLLCT.INI

[2002/07/21 13:24:53 | 00,000,784 | ---- | C] () -- C:\Documents and Settings\user\Application Data\MPAUTH.DAT

[2002/06/16 13:42:30 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\VbVfw.dll

[2002/06/13 12:58:58 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL

[2002/06/13 12:58:44 | 00,708,608 | ---- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL

[2002/06/13 12:58:28 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[2002/06/13 12:58:24 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL

[2002/06/06 17:55:55 | 00,000,063 | ---- | C] () -- C:\WINDOWS\MDM.INI

[2002/04/25 20:44:39 | 00,002,783 | ---- | C] () -- C:\WINDOWS\VTruck1.ini

[2002/04/21 13:25:15 | 00,001,138 | ---- | C] () -- C:\WINDOWS\Perwty01.ini

[2002/03/05 16:09:01 | 00,000,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt

[2002/02/28 17:15:08 | 00,089,600 | ---- | C] () -- C:\WINDOWS\System32\MP4FIL32.DLL

[2002/02/07 21:00:19 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\IYVU9_32.DLL

[2002/01/25 19:11:45 | 00,000,074 | ---- | C] () -- C:\WINDOWS\HDKCTNTS.INI

[2002/01/24 21:41:35 | 00,004,094 | ---- | C] () -- C:\WINDOWS\System32\RTCSSES.DLL

[2002/01/24 21:41:35 | 00,004,094 | ---- | C] () -- C:\WINDOWS\System32\DIMCES.DLL

[2002/01/20 13:48:48 | 00,000,038 | ---- | C] () -- C:\WINDOWS\GRAPPLER.INI

[2002/01/20 13:48:48 | 00,000,025 | ---- | C] () -- C:\WINDOWS\TSCFM.INI

[2002/01/20 13:26:47 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\gl.dll

[2002/01/20 13:26:47 | 00,006,138 | ---- | C] () -- C:\WINDOWS\System32\e1.ini

[2002/01/19 18:09:49 | 00,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI

[2002/01/19 18:09:49 | 00,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI

[2002/01/19 18:09:49 | 00,006,853 | ---- | C] () -- C:\WINDOWS\OPERA.INI

[2002/01/19 18:09:49 | 00,002,885 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI

[2002/01/19 18:09:49 | 00,002,474 | ---- | C] () -- C:\WINDOWS\HPFCSS13.INI

[2002/01/19 18:09:49 | 00,001,270 | ---- | C] () -- C:\WINDOWS\HPFDJC13.INI

[2002/01/19 18:09:49 | 00,001,125 | ---- | C] () -- C:\WINDOWS\WINAMP.INI

[2002/01/19 18:09:49 | 00,001,081 | ---- | C] () -- C:\WINDOWS\JUNO.INI

[2002/01/19 18:09:49 | 00,000,932 | ---- | C] () -- C:\WINDOWS\MRUN32.INI

[2002/01/19 18:09:49 | 00,000,885 | ---- | C] () -- C:\WINDOWS\TSCTV.INI

[2002/01/19 18:09:49 | 00,000,847 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2002/01/19 18:09:49 | 00,000,816 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2002/01/19 18:09:49 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI

[2002/01/19 18:09:49 | 00,000,295 | ---- | C] () -- C:\WINDOWS\SBWizard.ini

[2002/01/19 18:09:49 | 00,000,237 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI

[2002/01/19 18:09:49 | 00,000,109 | ---- | C] () -- C:\WINDOWS\IFOLDER.INI

[2002/01/19 18:09:49 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CALERA.INI

[2002/01/19 18:09:49 | 00,000,074 | ---- | C] () -- C:\WINDOWS\IMPORTCLIENT.INI

[2002/01/19 18:09:49 | 00,000,061 | ---- | C] () -- C:\WINDOWS\PROGMAN.INI

[2002/01/19 18:09:49 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI

[2002/01/19 18:09:49 | 00,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2002/01/19 18:09:49 | 00,000,028 | ---- | C] () -- C:\WINDOWS\NETSCAPE.INI

[2002/01/19 18:09:49 | 00,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI

[2002/01/19 18:09:49 | 00,000,025 | ---- | C] () -- C:\WINDOWS\SOL.INI

[2002/01/19 18:09:49 | 00,000,022 | ---- | C] () -- C:\WINDOWS\SHAREMEM.INI

[2002/01/19 18:09:48 | 00,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI

[2002/01/19 18:09:48 | 00,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI

[2002/01/19 18:09:48 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI

[2001/12/03 21:53:17 | 00,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll

[2001/12/03 21:53:17 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll

[2001/12/03 21:53:16 | 00,332,800 | ---- | C] () -- C:\WINDOWS\System32\Fpxlib.dll

[2001/12/03 21:53:16 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\Jpeglib.dll

[2001/11/12 17:59:18 | 00,080,896 | ---- | C] () -- C:\Documents and Settings\user\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2001/09/17 17:00:54 | 00,082,206 | ---- | C] () -- C:\Program Files\installScreen.jpg

[2001/09/06 16:02:53 | 00,091,469 | ---- | C] () -- C:\Program Files\installScreen2.jpg

[2001/08/09 15:40:23 | 00,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL

[2001/08/09 15:40:23 | 00,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL

[2001/08/09 15:40:23 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL

[2001/08/09 15:40:16 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL

[2001/08/08 22:47:08 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll

[2001/08/08 22:47:06 | 00,745,472 | ---- | C] () -- C:\WINDOWS\System32\PMAppBuilder.dll

[2001/08/08 22:47:06 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\PMovieServer.dll

[2000/06/06 15:21:34 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll

[1999/01/22 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/10/10 23:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

[1998/01/10 22:23:54 | 00,023,357 | -H-- | C] () -- C:\Program Files\folder.htt

[1996/11/16 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL

[1996/11/16 23:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1996/11/16 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

[1979/12/31 23:00:00 | 00,001,646 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS

========== LOP Check ==========

[2008/04/05 09:28:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2008/03/29 02:00:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes

[2008/03/29 02:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames

[2009/01/03 12:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player

[2008/03/29 02:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\interMute

[2009/02/03 23:12:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Light-O-Rama

[2008/10/14 21:48:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2008/06/01 10:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia

[2008/03/29 02:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo

[2008/03/29 02:03:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVTLogs

[2009/05/07 22:25:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2008/03/29 02:03:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2009/11/26 21:05:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games

[2008/03/29 01:15:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit

[2009/09/05 23:52:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2008/03/29 02:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/12/20 23:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/08/26 17:09:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2009/09/06 11:10:16 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

[2008/03/29 04:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\acccore

[2009/10/25 23:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Acoustica

[2008/03/29 04:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Aim

[2008/03/29 04:07:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ApplicationHistory

[2008/03/29 04:07:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BVRP Software

[2009/01/11 16:35:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Canneverbe_Limited

[2008/03/29 04:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\CDBurnerXP_Soft

[2008/03/29 04:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DataLayer

[2008/03/29 04:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Downloaded Installations

[2009/06/11 22:34:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Image Zone Express

[2009/12/05 00:28:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InfraRecorder

[2008/03/29 04:08:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterTrust

[2008/03/29 04:08:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IsolatedStorage

[2008/03/29 04:08:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Jasc

[2009/10/31 23:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LimeWire

[2008/06/01 10:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ludia

[2008/10/26 11:08:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mattel

[2008/03/29 04:08:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MGI

[2008/03/29 04:10:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MTV Networks

[2008/03/29 04:10:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Netscape

[2008/03/29 04:10:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nokia

[2008/03/29 04:10:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PC Suite

[2008/03/29 04:10:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Photodex

[2008/03/29 04:10:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Printer Info Cache

[2009/05/07 22:32:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Samsung

[2008/03/29 04:10:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Seven Zip

[2008/03/29 04:10:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Snapfish

[2008/03/29 01:15:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Spearit

[2008/03/29 04:13:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Template

[2008/03/29 04:13:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\The Weather Channel

[2008/03/29 04:13:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TiVo Desktop

[2008/03/29 04:13:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TuneUp Software

[2009/02/24 02:45:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent

[2008/10/15 17:24:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\VideoReDo-TVSuite

[2008/03/29 04:13:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Viewpoint

[2008/03/29 04:13:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Wildtangent

[2009/11/17 17:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search

[2009/12/28 19:46:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search

[2008/03/29 04:13:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WorldWinner.com

[2008/03/29 04:14:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}

[2009/12/27 12:11:04 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2009/11/15 01:00:00 | 00,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job

[2009/12/01 01:00:00 | 00,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

[2009/12/29 09:12:37 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2003/05/11 21:11:28 | 00,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job

[2009/12/05 23:00:00 | 00,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\Tune-up Application Start.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2005/07/09 12:52:42 | 00,575,184 | ---- | M] (Symantec Corporation) -- C:\sevinst.exe

< MD5 for: AGP440.SYS >

[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >

[2002/08/29 03:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\I386\ATAPI.SYS

[2002/08/29 03:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\I386\ATAPI.SYS

[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/10/08 07:01:47 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/10/08 07:01:47 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >

[2005/06/17 10:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\DRIVERS\006_STORAGE\INTEL\SATARAID\IASTOR.SYS

< MD5 for: IDECHNDR.SYS >

[2004/10/08 07:01:47 | 00,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\DRIVERS\006_STORAGE\INTEL\EIDE\IDECHNDR.SYS

< MD5 for: NETLOGON.DLL >

[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2004/10/08 07:01:47 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >

[2006/03/16 05:51:32 | 00,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\PNPDRIVERS\NVIDIA\CHIPSET\IDE\WINXP\SATA_IDE\NVATA.SYS

[2006/04/24 19:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\DRIVERS\006_STORAGE\NVIDIA\EIDE\NVATA.SYS

[2006/04/24 19:52:28 | 00,100,736 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >

[2006/03/16 05:51:32 | 00,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\PNPDRIVERS\NVIDIA\CHIPSET\IDE\WINXP\SATARAID\NVATABUS.SYS

[2006/04/24 19:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\DRIVERS\006_STORAGE\NVIDIA\RAID\NVATABUS.SYS

[2006/06/16 18:55:20 | 00,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: SCECLI.DLL >

[2004/10/08 07:01:47 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIAMRAID.SYS >

[2005/04/08 14:43:26 | 00,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\DRIVERS\006_STORAGE\64XX\VIAMRAID.SYS

< MD5 for: VIASRAID.SYS >

[2004/10/08 07:01:47 | 00,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\DRIVERS\006_STORAGE\VIA\SATARAID\VIASRAID.SYS

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/07/17 14:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\atl.dll

[2009/10/29 02:45:33 | 11,069,952 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll

[2009/07/30 23:35:42 | 01,172,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msxml3.dll

[2009/07/13 22:43:24 | 10,841,088 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wmp.dll

[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66633281

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B85C37B

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0888F409

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7B24563

< End of report >


OTL Extras logfile created on: 12/30/2009 2:16:17 AM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\user\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 90.71 Gb Free Space | 60.86% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 149.01 Gb Total Space | 79.02 Gb Free Space | 53.03% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-BE0BB1E6F7

Current User Name: user

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

"2190:UDP" = 2190:UDP:*:Enabled:HMO

"2190:TCP" = 2190:TCP:*:Enabled:HMO

"8081:TCP" = 8081:TCP:*:Enabled:HMO

"5353:UDP" = 5353:UDP:*:Enabled:HME

"7288:TCP" = 7288:TCP:*:Enabled:HME

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Juno\bin\juno.exe" = C:\Program Files\Juno\bin\juno.exe:*:Enabled:Juno -- (Juno Online Services, Inc.)

"C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe" = C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

"C:\Program Files\Galleon\bin\galleon.exe" = C:\Program Files\Galleon\bin\galleon.exe:*:Enabled:Galleon -- File not found

"C:\Program Files\Galleon\bin\gui.exe" = C:\Program Files\Galleon\bin\gui.exe:*:Enabled:Galleon -- File not found

"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\Program Files\Galleon\bin\Wrapper.exe" = C:\Program Files\Galleon\bin\Wrapper.exe:*:Enabled:Galleon -- ()

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)

"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\McAfee\VirusScan\mcvsmap.exe" = C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap -- (McAfee, Inc.)

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)

"C:\Program Files\Motorola\Software Update\msu.exe" = C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu -- (Motorola)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update

"{16B18999-56D7-4E8F-A40C-385E68A6D0CD}" = Barbie Girls

"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter

"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1BFB8A8A-7650-4C7C-81CA-5DFEB644E7EF}" = Motorola Software Update

"{1C338B34-1BFB-4BAD-B4A3-7B71A2E221F6}" = GameTap Web Player

"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20820A45-02A1-144C-21A3-A1812C5DDE23}" = Catalyst Control Center InstallProxy

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{268D18A2-4539-4530-8192-F13EDD876FFC}" = MediaFACE 4.0 General Image Library

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17

"{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}" = ebgcSDK

"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation

"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools

"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express

"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder

"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer

"{3C759736-8347-4031-BB9C-D75ADFE6B101}" = Norton Ghost 9.0

"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6CE282C3-78BE-463F-A3C1-8C9F98E61CCE}" = ebgcRes

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver

"{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}" = NVDVD

"{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}" = Motorola Driver Installation 4.2.0

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{8739235F-201D-449C-A03F-277A85F0FE1E}" = MediaFACE 4.0 Music Image Library

"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine

"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}" = PrintMaster

"{92F36672-245D-11D5-AC74-00105A0CF83E}" = Juno

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9AD92782-CAC6-48DF-A060-BFD6FE7689E7}" = MediaFACE 4.0 Lifestyle Image Library

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006

"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper

"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport

"{B27CF766-C0B4-4591-9E7C-832CD1CE7466}" = Redirector

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B41B9D4A-42D5-F51F-4F9A-626D9A06CB4C}" = ccc-core-preinstall

"{B9CA5A3A-28C6-48B4-82AE-087BE835D45A}" = LORVis

"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP

"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CBD55377-3FEA-4A93-A877-DB87B6C6C990}" = Logitech Harmony Remote Software 7

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF59708F-60F4-11D5-866A-00A0D2183227}" = On2 VP3 Video for Windows Codec

"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Try And Buy

"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari

"{DA84434F-25B6-4716-A390-AC678FB6516D}" = MediaFACE 4.0 Special Occasion Image Library

"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E258A840-7E9A-443A-B156-67102C48BF17}" = TPP Storage Driver Installation

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp

"{E744BFEA-E027-441E-83A2-36202F661E31}" = Light-O-Rama

"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II

"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)

"42 Bit Scanner" = 42 Bit Scanner

"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker

"Ad-Aware" = Ad-Aware

"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"AIM_6.0" = AIM 6.0

"All ATI Software" = ATI - Software Uninstall Utility

"AOL Instant Messenger" = AOL Instant Messenger

"ATI Display Driver" = ATI Display Driver

"Audacity_is1" = Audacity 1.2.6

"audcle" = Plus! MP3 Audio Converter LE

"AviSynth" = AviSynth 2.5

"Barbie Video Phone" = Barbie Video Phone

"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe

"Bejeweled Twist


Hi sparky741,

Download Kenco.exe to your desktop

  • Close all windows and run the program
  • It won't take long to run. Post the log it gives you (it will also be saved in the same place as Kenco.exe).

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

    :Files
    C:\WINDOWS\System32\affv5787p7now.sys
    C:\Documents and Settings\user\Application Data\anicotajep.dll
    C:\Program Files\Common Files\uceveqo.vbs
    C:\Documents and Settings\user\Local Settings\Application Data\gyso.exe
    C:\Documents and Settings\All Users\Application Data\usurec.dl
    C:\Documents and Settings\All Users\Application Data\usewahug.pif
    C:\Program Files\Common Files\axewaqur.dat
    C:\Documents and Settings\user\Local Settings\Application Data\xuxixy.lib
    C:\Documents and Settings\All Users\Application Data\lydav.exe
    C:\Documents and Settings\user\Application Data\qewapidy.inf
    C:\Documents and Settings\user\Application Data\iniasd.txt
    C:\Documents and Settings\user\Application Data\Viewpoint

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done


OK, here is the kenco log. I also removed Viewpoint as suggested and ran the OTL fix provided.

Kenco by jpshortstuff (30.12.09.1)

Log created at 00:48 on 31/12/2009 (user)

========== Task Unlocker ==========

========== KencoScan ==========

========== C:\WINDOWS\Tasks ==========

Ad-Aware Update (Weekly).job -> [16:12 06/09/2009] 472 bytes

AppleSoftwareUpdate.job -> [21:45 19/10/2008] 284 bytes

HP Usg Daily.job -> [22:29 30/12/2009] 268 bytes

HP Usg Login.job -> [07:32 30/12/2009] 268 bytes

McDefragTask.job -> [03:12 30/09/2007] 344 bytes

McQcTask.job -> [03:12 30/09/2007] 336 bytes

MP Scheduled Scan.job -> [04:51 01/12/2009] 330 bytes

PCHealth Scheduler for Data Collection.job -> [03:29 11/01/1998] 360 bytes

Tune-up Application Start.job -> [04:00 01/01/1980] 502 bytes

-=E.O.F=-


Hi sparky741,

Hope you have a Happy New Year :)

Launch Malwarebytes' Anti-Malware

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


Thank you! Happy New Year to you too. :huh:

MBAM downloaded the updates and Quick Scan was run and came up clean. Here is the log:

Malwarebytes' Anti-Malware 1.43

Database version: 3465

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/31/2009 4:41:41 PM

mbam-log-2009-12-31 (16-41-41).txt

Scan type: Quick Scan

Objects scanned: 129311

Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Kaspersky scan is running and results will be posted when it is finished.


OK, Kaspersky report is ready:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Thursday, December 31, 2009

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Thursday, December 31, 2009 22:11:15

Records in database: 3420436

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

J:\

K:\

Scan statistics:

Objects scanned: 126234

Threats found: 2

Infected objects found: 1

Suspicious objects found: 8

Scan duration: 02:07:52

File name / Threat / Threats count

C:\Documents and Settings\user\Application Data\Identities\{C91BDC6B-583B-4853-92CE-A39536F4C71E}\Microsoft\Outlook Express\2002.dbx Infected: Email-Worm.Win32.Magistr.a 1

C:\Documents and Settings\user\Application Data\Identities\{C91BDC6B-583B-4853-92CE-A39536F4C71E}\Microsoft\Outlook Express\2005.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 3

C:\Documents and Settings\user\Application Data\Identities\{C91BDC6B-583B-4853-92CE-A39536F4C71E}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\My Real Box\Inbox\339E41D8-0000000B.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Inbox\2005\01CE06AA-00000353.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Inbox\2005\0D463A68-00000352.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Inbox\2005\7F0B3A05-0000036D.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1

Selected area has been scanned.


Looks like your inbox is infected.

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\Documents and Settings\user\Application Data\Identities\{C91BDC6B-583B-4853-92CE-A39536F4C71E}\Microsoft\Outlook Express\2002.dbx
    C:\Documents and Settings\user\Application Data\Identities\{C91BDC6B-583B-4853-92CE-A39536F4C71E}\Microsoft\Outlook Express\2005.dbx
    C:\Documents and Settings\user\Application Data\Identities\{C91BDC6B-583B-4853-92CE-A39536F4C71E}\Microsoft\Outlook Express\Inbox.dbx
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\My Real Box\Inbox\339E41D8-0000000B.eml
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Inbox\2005\01CE06AA-00000353.eml
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Inbox\2005\0D463A68-00000352.eml
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Inbox\2005\7F0B3A05-0000036D.eml

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done


OK, ran fix and it looks as though the Google redirects have been fixed. I will re-post if the random pop-ups still happen, but it looks as if I am good to go! Do you need me to run any other scans of any kind to verify that I am in the clear? Thank you again for your help :)


Glad to hear the redirects are gone.

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Spoke too soon. Just as I thought everything was squeaky clean, I had another infection occur as I was ordering a pizza online :) McAfee went nuts and one of those imposter virus scanners appeared. I was able to kill the process, something like is2010.exe, and run MBAM immediately. Log is below. FWIW, I also ran a SuperAntiSpyware scan and it removed a couple of items. Afterward, I ran the TFC and RSIT you suggested above. How do these things keep coming back?

Malwarebytes' Anti-Malware 1.43

Database version: 3471

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/1/2010 8:40:24 PM

mbam-log-2010-01-01 (20-40-24).txt

Scan type: Quick Scan

Objects scanned: 129233

Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 18

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\kbdsock.dll (Spyware.Passwords) -> Delete on reboot.

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ekscksmy (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

Files Infected:

C:\ovqac.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mshlps.dll (Spyware.Passwords) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kbdsock.dll (Spyware.Passwords) -> Delete on reboot.

C:\WINDOWS\system32\hszrf8t3e2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winhelper86.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winlogon86.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\3718715338.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\5fdef45d.exe (Spyware.Passwords) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\h2regdd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\win16.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\dfgdgdfgrgdgfdrdfs.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

And SuperAntiSpyware:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 01/02/2010 at 00:14 AM

Application Version : 4.29.1002

Core Rules Database Version : 4438

Trace Rules Database Version: 2263

Scan type : Quick Scan

Total Scan Time : 00:21:59

Memory items scanned : 563

Memory threats detected : 0

Registry items scanned : 690

Registry threats detected : 0

File items scanned : 23003

File threats detected : 72

Adware.Tracking Cookie

Rogue.Agent/Gen-Nullo[DLL]

C:\WINDOWS\SYSTEM32\DIMCES.DLL

C:\WINDOWS\SYSTEM32\RTCSSES.DLL

Rogue.Agent/Gen-Nullo[EXE]

C:\WINDOWS\SYSTEM32\MAWUWAHA.EXE


And the others...

Logfile of random's system information tool 1.06 (written by random/random)

Run by user at 2010-01-02 01:06:33

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 94 GB (62%) free of 153 GB

Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:06:34 AM, on 1/2/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Galleon\bin\Wrapper.exe

C:\WINDOWS\system32\java.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\libusbd-nt.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Photodex\ProShow\ScsiAccess.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\hphmon04.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\system32\HPHipm11.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\user\My Documents\RSIT\RSIT.exe

E:\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

O1 - Hosts: ::1 localhost

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-18\..\Run: [startUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ekscksmy] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\wldvul\bnaksysguard.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [startUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab

O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...w.viewpoint.com

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://msn.worldwinner.com/games/v47/share...GamesLoader.cab

O16 - DPF: {26AFD6EF-C017-4063-B2B1-E515DE98A1B7} - http://download.kodak.com/digital/software...2_1/install.cab

O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620...meInstaller.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121528966730

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124135944485

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinner.com/games/v51/bejew...eweledtwist.cab

O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab

O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://ak.g.gametap.com/static/cab_headles...pWebUpdater.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHos...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/user/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v10.cab

O16 - DPF: {EF6E7E56-9229-4C73-AAD0-15316405DB95} (Easy Photo Uploader) - http://preview.ksweitzer.photosite.com/~si...oadBox_live.cab

O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?

O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: tiromafek - {b950c87c-80b2-4140-bda5-25c7397d91e5} - c:\windows\system32\kokihove.dll (file missing)

O22 - SharedTaskScheduler: gahurihor - {b950c87c-80b2-4140-bda5-25c7397d91e5} - c:\windows\system32\kokihove.dll (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Galleon - Unknown owner - C:\Program Files\Galleon\bin\Wrapper.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow\ScsiAccess.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 13487 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\HP Usg Daily.job

C:\WINDOWS\tasks\HP Usg Login.job

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job

C:\WINDOWS\tasks\Tune-up Application Start.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]

"JMB36X Configure"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-10-30 1953792]

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-22 188416]

"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2006-01-06 348160]

"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]

"WinampAgent"=C:\Program Files\Winamp\winampa.exe []

"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2003-03-23 151597]

"AsusStartupHelp"=C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe [2006-11-14 363008]

"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe [2003-10-06 684032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BarbieGirlsTray]

C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe [2007-03-14 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\calc]

C:\WINDOWS\system32\calc.dll,_IWMPEvents@0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastSUPPORT]

C:\Program Files\Support.com\bin\tgkill.exe [2001-11-21 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]

C:\Program Files\Common Files\AOL\1132011651\ee\AOLHostManager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]

C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe [2002-06-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]

C:\PROGRA~1\NORTON~1\navapw32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [2004-11-22 1126400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPSStartup]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe [2005-05-04 100056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2003-03-23 151597]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]

C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe [2005-03-28 28616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AdSubtract.lnk]

C:\PROGRA~1\ADSUBT~1\adsub.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BitWare Print Monitor.lnk]

C:\BITWARE\NT\bwprnmon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]

C:\PROGRA~1\BRODER~1\PRINTM~1\PMremind.exe [2001-02-23 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

C:\PROGRA~1\MI1933~1\Office\OSA9.EXE [2000-01-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ALG"=3

"C-DillaCdaC11BA"=2

"SymWSC"=2

"SNDSrvc"=3

"Norton Ghost"=2

"iPod Service"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\WINDOWS\system32\kbdsock.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2007-12-20 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\System32\upnpui.dll [2008-04-13 239616]

tiromafek - {b950c87c-80b2-4140-bda5-25c7397d91e5} - c:\windows\system32\kokihove.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

gahurihor - {b950c87c-80b2-4140-bda5-25c7397d91e5} - c:\windows\system32\kokihove.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoSetActiveDesktop"=0

"NoActiveDesktopChanges"=0

"NoDriveAutoRun"=55924053

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoSetActiveDesktop"=

"NoActiveDesktopChanges"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Juno\bin\juno.exe"="C:\Program Files\Juno\bin\juno.exe:*:Enabled:Juno"

"C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe"="C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

"C:\Program Files\Galleon\bin\galleon.exe"="C:\Program Files\Galleon\bin\galleon.exe:*:Enabled:Galleon"

"C:\Program Files\Galleon\bin\gui.exe"="C:\Program Files\Galleon\bin\gui.exe:*:Enabled:Galleon"

"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"

"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Galleon\bin\Wrapper.exe"="C:\Program Files\Galleon\bin\Wrapper.exe:*:Enabled:Galleon"

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"

"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\McAfee\VirusScan\mcvsmap.exe"="C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap"

"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"

"C:\Program Files\Motorola\Software Update\msu.exe"="C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-01-02 00:32:28 ----D---- C:\rsit

2009-12-31 00:52:03 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt

2009-12-31 00:51:49 ----D---- C:\_OTL

2009-12-28 19:46:02 ----D---- C:\Documents and Settings\user\Application Data\Windows Search

2009-12-28 18:50:07 ----D---- C:\WINDOWS\system32\NtmsData

2009-12-27 18:19:57 ----SD---- C:\ComboFix

2009-12-25 08:22:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

2009-12-25 03:17:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2009-12-25 03:16:54 ----D---- C:\Program Files\Microsoft Sync Framework

2009-12-25 03:14:40 ----D---- C:\Program Files\Microsoft

2009-12-25 03:14:20 ----D---- C:\Program Files\Windows Live SkyDrive

2009-12-25 03:10:05 ----D---- C:\Program Files\Common Files\Windows Live

2009-12-20 23:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-12-20 23:15:24 ----D---- C:\Program Files\QuickTime

2009-12-09 02:20:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$

2009-12-09 02:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2009-12-09 02:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2009-12-09 02:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

2009-12-09 02:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

2009-12-05 00:28:06 ----D---- C:\Documents and Settings\user\Application Data\InfraRecorder

2009-12-05 00:27:56 ----D---- C:\Program Files\InfraRecorder

======List of files/folders modified in the last 1 months======

2010-01-02 00:59:58 ----D---- C:\WINDOWS\Temp

2010-01-02 00:52:23 ----D---- C:\Program Files\Mozilla Firefox

2010-01-02 00:31:46 ----SD---- C:\WINDOWS\Tasks

2010-01-02 00:27:44 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-01-02 00:15:27 ----D---- C:\WINDOWS\system32

2010-01-01 23:52:57 ----D---- C:\WINDOWS\system32\CatRoot2

2010-01-01 22:53:05 ----D---- C:\WINDOWS\Prefetch

2010-01-01 20:43:23 ----D---- C:\WINDOWS

2010-01-01 20:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$

2010-01-01 20:41:46 ----D---- C:\WINDOWS\system32\drivers

2010-01-01 20:40:24 ----RD---- C:\Program Files

2010-01-01 20:13:29 ----D---- C:\Program Files\Common Files\Adobe

2010-01-01 20:13:29 ----D---- C:\Program Files\Adobe

2010-01-01 20:12:41 ----SHD---- C:\WINDOWS\Installer

2010-01-01 20:12:09 ----D---- C:\Program Files\Common Files\Motorola Shared

2010-01-01 20:11:10 ----D---- C:\Program Files\Motorola Phone Tools

2010-01-01 20:08:57 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-01-01 20:08:47 ----HD---- C:\WINDOWS\inf

2010-01-01 20:08:47 ----HD---- C:\Program Files\InstallShield Installation Information

2010-01-01 20:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$

2010-01-01 19:58:27 ----SHD---- C:\System Volume Information

2010-01-01 19:58:27 ----D---- C:\WINDOWS\system32\Restore

2010-01-01 19:53:23 ----A---- C:\WINDOWS\win.ini

2009-12-31 19:27:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-31 16:34:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-12-31 00:51:57 ----D---- C:\Program Files\Common Files

2009-12-31 00:45:38 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint

2009-12-30 02:49:00 ----D---- C:\Temp

2009-12-29 17:49:28 ----D---- C:\Program Files\GetRight

2009-12-28 19:46:03 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft

2009-12-27 18:20:06 ----D---- C:\WINDOWS\ERDNT

2009-12-25 21:53:42 ----D---- C:\sysclean

2009-12-25 06:18:10 ----HD---- C:\WINDOWS\$hf_mig$

2009-12-25 03:21:42 ----D---- C:\WINDOWS\AppPatch

2009-12-25 03:17:15 ----D---- C:\Program Files\Windows Live

2009-12-25 03:16:55 ----D---- C:\WINDOWS\WinSxS

2009-12-25 03:16:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-12-25 03:14:26 ----D---- C:\Program Files\Common Files\Microsoft Shared

2009-12-20 23:18:11 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-12-20 23:18:10 ----D---- C:\Program Files\iTunes

2009-12-20 23:17:28 ----D---- C:\Program Files\iPod

2009-12-20 23:17:25 ----D---- C:\Program Files\Common Files\Apple

2009-12-20 23:07:33 ----D---- C:\Program Files\Safari

2009-12-09 20:48:45 ----D---- C:\WINDOWS\Debug

2009-12-09 07:42:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-12-09 02:20:25 ----D---- C:\Program Files\Internet Explorer

2009-12-09 02:20:18 ----D---- C:\WINDOWS\ie8updates

2009-12-06 18:33:07 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$

2009-12-05 00:07:20 ----D---- C:\Program Files\CDBurnerXP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]

R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-20 2843136]

R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-06-02 99856]

R3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2006-01-06 50896]

R3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2006-01-06 16112]

R3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2006-01-06 50276]

R3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2006-01-06 18928]

R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-15 4225920]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]

R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]

R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]

R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys []

S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]

S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]

S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-10-06 25930]

S3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]

S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-10-06 30662]

S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys []

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]

S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]

S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]

S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168]

S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2008-04-03 22768]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-20 512000]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-02-19 233472]

R2 Galleon;Galleon; C:\Program Files\Galleon\bin\Wrapper.exe [2008-11-10 204800]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-27 1028432]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-08-22 73728]

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]

R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]

R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]

R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]

R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]

R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]

R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShow\ScsiAccess.exe [2008-03-23 181312]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]

R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]

R3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2006-01-06 77824]

S2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]

S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

S4 Norton Ghost;Norton Ghost; C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe [2004-11-22 1273856]

S4 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]

S4 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]

-----------------EOF-----------------


and the info file...

info.txt logfile of random's system information tool 1.06 2010-01-02 00:32:39

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\mrun32.isu

-->MsiExec.exe /I{3075C5C3-0807-4924-AF8F-FF27052C12AE}

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B27CF766-C0B4-4591-9E7C-832CD1CE7466}\Setup.exe" -uninst -f""

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

42 Bit Scanner-->C:\PROGRA~1\42BITS~1\UNWISE.EXE C:\PROGRA~1\42BITS~1\INSTALL.LOG

Acoustica CD/DVD Label Maker-->C:\Program Files\Acoustica CD Label Maker\cdlabel.exe UNINSTALL

Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

AIM 6.0-->C:\Program Files\AIM6\uninst.exe

AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly

AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}

AOL Instant Messenger-->C:\Program Files\Netscape\Communicator\Program\AIM\uninstll.exe -LOG= C:\Program Files\Netscape\Communicator\Program\AIM\install.log -OEM=

Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9

ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"

ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

Barbie Girls-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{16B18999-56D7-4E8F-A40C-385E68A6D0CD}

Barbie Video Phone-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Kiddesign\Barbie Video Phone\DeIsL1.isu" -c"C:\Program Files\Kiddesign\Barbie Video Phone\_ISREG32.DLL"

Bejeweled 2 Deluxe-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"

Bejeweled Twist


Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll
    O21 - SSODL: tiromafek - {b950c87c-80b2-4140-bda5-25c7397d91e5} - c:\windows\system32\kokihove.dll (file missing)
    O22 - SharedTaskScheduler: gahurihor - {b950c87c-80b2-4140-bda5-25c7397d91e5} - c:\windows\system32\kokihove.dll (file missing)

    :Files
    C:\WINDOWS\system32\kbdsock.dll
    c:\windows\system32\kokihove.dll

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Adobe Reader 8.1.2

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com/products/acrobat/readstep2.html


OK, ran OTL with the above fix. Here is the log.

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls deleted successfully.

File pInit_DLLs: C:\WINDOWS\system32\kbdsock.dll not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\tiromafek deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b950c87c-80b2-4140-bda5-25c7397d91e5}\ deleted successfully.

File c:\windows\system32\kokihove.dll not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\gahurihor not found.

File c:\windows\system32\kokihove.dll not found.

========== FILES ==========

File\Folder C:\WINDOWS\system32\kbdsock.dll not found.

File\Folder c:\windows\system32\kokihove.dll not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Krissy

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Makayla

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 3584 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: user

->Temp folder emptied: 100494590 bytes

->Temporary Internet Files folder emptied: 252962 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 29314555 bytes

->Apple Safari cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 1323886 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1000 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 21131616 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 146.00 mb

OTL by OldTimer - Version 3.1.20.1 log created on 01022010_213826

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

========================================================

Tried to uninstall Acrobat 8.1.2, but it gave me an error. It says "Error 1402. Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS. Verify that you have sufficient access to that key, or contact your support personnel." What does that mean? Looks like something is preventing Adobe from being removed. Suggestions?


Alright, I ran Combofix, but it did not seem to produce the log. I did not find a c:\combofix.txt file after it supposedly finished. I let it run and walked away from the computer so I did not see what all happened as it did the scan. I don't know how much it will matter as the redirects and pop-ups are still here, so if Combofix did remove them, they came right back. What should we try next?


Please download exeHelper to your desktop.

Double-click on exeHelper.com to run the fix.

A black window should pop up; press any key to close it once the fix is completed.

Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).


OK, here is the log:

exeHelper by Raktor

Build 20091220

Run at 22:55:21 on 01/07/10

Now searching...

Checking for numerical processes...

Checking for sysguard processes...

Checking for bad processes...

Checking for bad files...

Checking for bad registry entries...

Resetting filetype association for .exe

Resetting filetype association for .com

Resetting userinit and shell values...

Resetting policies...

--Finished--


This topic is now closed to further replies.